Senior Web App Security Engineer
Posted on Feb 24, 2020 by Tailored Shared Services
Tailored Brands, Inc. is the largest specialty retailer of men's suits and the largest provider of tuxedo rental product in the U.S. and Canada. We operate retail stores in all 50 states and Canada. Our U.S. retail stores are operated under the brand names of Men's Wearhouse, Jos. A. Bank, Men's Wearhouse and Tux, and K&G Fashion. Our Canadian stores are operated under the brand name of Moores in ten provinces. We currently have an exciting opportunity for a Web Application Security Engineer. This professional will use professional concepts and keep company objectives in mind while securing all software and business applications used throughout the workforce and ensuring that all privacy and compliance constraints are built into the software and followed.
•Work on complex issues where analysis of situations or data requires an in-depth evaluation of variable factors.
•Perform static/dynamic code testing, manual code inspection, threat modeling, design reviews and penetration testing of internal web applications and external partner applications to identify vulnerabilities and security defects.
•Partner with team members in application risk assessment and risk categorization.
•Network with and act as liaison between Security and software development teams and work closely with feature teams early on in the design phase to ensure applications are built securely.
•Support the implementation and enforcement of secure code design principles according to policies, standards, and patterns of Information Security.
•Design, develop and support security libraries that can be consumed by UI and backend systems with minimal effort.
•Understand online security breaches including detection and prevention. Keep up-to-date with latest cyber-crimes.
•Create reports and dashboards based on security events/incidents.
•Keep up-to-date with latest security tools and trends and accordingly providing guidance to team.
•Incorporate security in CI/CD workflow.
•Conduct assessments of web applications, client-side applications and tools, and APIs.
•Develop and implement manual and automated web application security testing of web applications to enforce security standards.
•Work with security product vendors and service providers to evaluate their security offerings.
•Bachelor's degree in Computer Science or other related field
•10+ years of experience in Technology
o Exercising wide latitude in figuring out objectives and approaches to critical assignments
o Managing application security testing tools like SAST, DAST and open source vulnerability scanning
o Designing and developing CI/CD pipelines for DevSecOps
o Mentoring others in exercising judgment in selecting methods and evaluation criteria to obtain results
•Security concepts for systems hosted on-prem, in the cloud and in hybrid environments.
•Web applications, web servers, layer 7 application technologies, frameworks and protocols with respect to application development and deployment.
•Holds appropriate certifications such as CISSP, GWEB, GPEN, GWAPT, OSWE, OSCE, or OSCP
•Familiarity working with bot protection and WAF tools.
•Knowledge of middleware three-tier architectures and ability to perform log analysis and log correlation.
•Ability to work in fast-paced environments to enable development teams to move forward quickly.
•Must be very well versed in the OWASP Top 10 and CWE Top 25 vulnerabilities, must be able to demonstrate exploitation of such vulnerabilities in mobile, web and console applications, and must provide remediation strategies.
•Web Application Firewall concepts (F5, Akamai WAF, Imperva).
•Static and dynamic code assessment tools: Checkmarx, Fortify SCA (Expertise: Advanced; must be able to automate source code scanning through the CI/CD stack).
•Able to automate dynamic web app scanners: WhiteHat, Fortify WebInspect.
•Software development or scripting experience (Python, Shell, Java, JSON, Scrum, Jira, etc.).
•Familiarity with network and web application protocols (HTTP, HTTPS, TCP/IP, SAML 2.0, OAuth 2.0, REST APIs, etc.).
•Knowledge of or experience implementing secure SDLC maturity models such as OpenSAMM or BSIMM.
Work Locations: 02098A Corporate Office 6100 Stevenson Blvd Fremont 94
Job: Information Technology (IT)
Organization: Tailored Shared Services
Shift: Day Job